Visual-based security compliance processing

ABSTRACT

Multiple cameras capture videos within a secure room. When individuals are detected as entering the room, identities of the individuals are resolved. When an asset is exposed in a field of view of one of the cameras, the individuals&#39; eye and head movements are tracked from the videos with respect to one another and the asset. Additionally, touches made by any of the individuals on the asset are tracked from the videos. The eye and head movements are correlated with the touches or lack of touches according to a security policy for the asset. Any violations of the security policy are written to a secure audit log for the room and the asset.

RELATED APPLICATIONS

This application is a continuation of application Ser. No. 16/696,751,filed Nov. 26, 2019 and claims priority to and is a Continuation-In Partof application Ser. No. 16/383,089, filed Apr. 12, 2019, entitled:“Secure Zone Monitor;” the disclosure of which is incorporated byreference in its entirety herein and below.

BACKGROUND

Some enterprises have very specific and detailed security procedureswith respect to handling a secure asset. This is particularly true inthe banking industry. Banks have a security procedure known as “dualcontrol” associated with a requirements for accessing a secure asset.The asset requires that two individuals be present as checks andbalances whenever the secure asset is accessed. A written log is alsomaintained for auditing that identifies the two individuals, time ofaccess, date of access, and reason for access. Both individuals arerequired to make independent entries in the log and note all movementsmade to the asset that occurred when inside the secure room.

However, there are additional security procedures instituted by banksduring access of a “dual control” asset. The individuals are required tomaintain eye contact with one another when inside a room where thesecure asset is at, if neither one of the individuals are touching theasset and are not yet close enough to touch the asset. As soon as theindividuals are within reaching distance of the asset, they are requiredto be looking at one another and the asset. If one individual touchesthe asset, the other individual must be looking at both the asset andthe individual that is touching the asset.

Staff often forget these in-room security procedures since only themovements of the asset can reasonably be required to be logged.Moreover, the banks have no real way of knowing whether the in-roomsecurity procedures were violated, since most of these procedures relyon the honesty of the staff. Yet, if these security procedures are notmaintained, the bank may be exposed to fraud and theft.

Additionally, the maintaining the logs and training the staff to adhereto the security procedures create costs to the banks.

SUMMARY

In various embodiments, methods and a system for visual-based securitycompliance processing are presented.

According to an embodiment, a method for visual-based securitycompliance is presented. A first person and a second person areidentified as entering a secure area using video analysis of at leastone video. A secure asset is determined as having been exposed in thesecure area by that least one of the first person and the second personusing the at least one video analysis of the video. Behaviors andactions of the first person and second person are tracked with respectto each other and the secure asset using the video analysis of the atleast one video and based on a security policy defining at least thebehaviors and the actions. At least some of the behaviors and theactions are logged in a security audit log.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of a system for visual-based security compliance,according to an example embodiment.

FIG. 2 is a diagram of a method for visual-based security compliance,according to an example embodiment.

FIG. 3 is a diagram of another method for visual-based securitycompliance, according to an example embodiment.

FIG. 4 is a diagram of another system for visual-based securitycompliance, according to an example embodiment.

DETAILED DESCRIPTION

FIG. 1 is a diagram of a system 100 for visual-based security complianceaccording to an example embodiment. It is to be noted that thecomponents are shown schematically in greatly simplified form, with onlythose components relevant to understanding of the embodiments beingillustrated.

Furthermore, the various components (that are identified in the FIG. 1)are illustrated and the arrangement of the components is presented forpurposes of illustration only. It is to be noted that other arrangementswith more or less components are possible without departing from theteachings of visual-based security compliance processing, presentedherein and below.

As used herein and below, the terms “user,” “personnel,” “actor,”“person,” “individual,” and “subject” may be used interchangeably andsynonymously. The terms refer to an individual detected within a securearea or a monitored area where one or more secure assets are present.

The term “secure room” refers to a predefined enclosed andaccess-controlled area of an enterprise that is being monitored withinimages captured by cameras in real-time video. The entire room may bemonitored through the images of the video frames as well aspre-designated objects (secure assets) within portions of the room. Theroom may require authentication to access or the room may not requireauthentication to access but requires keys or some other secure accessmethod for entering into the room. Assets within the room are beingmonitored for auditing, theft-avoidance, or any violation of predefinedsecurity policy.

An “object” refers to a secure asset that is being monitored within theimages of one or more videos. An object may be a device represented inthe images, a log book, a drawer, a desk, a safe, a Point-Of-Sale (POS)terminal, a Self-Service Terminal (SST), an Automated Teller Machine(ATM), a computer monitor, a piece of jewelry, cash, documents, and/oranything of value or having confidential information, etc.

System 100 includes a plurality of cameras 110 that capture time-stampedvideos of persons and secure within the secure room. System 100 alsoincludes server 120, and one or more sensor(s) 130. Server 120 includesexecutable instructions that execute on one or more hardware processors121 of server 120 from a non-transitory computer-readable storage medium122 as: detector 123, person tracker 124, object tracker 125, eye andhead tracker 126, and tracking manager 127. Non-transitorycomputer-readable-storage medium 122 also includes security policies128.

The security policies 128 includes statements of secure roomidentifiers, secure asset identifiers, and conditions that definesrules. Each rule identifying actions for a given secure room and/orsecure asset that is permissible, that is required to be performed, andthat is impermissible and should not be performed. Each rule may alsoinclude a resource identifier or an action that is to be processed whena given rule is violated. The resource associated with the resourceidentifier may be an automated application, a system, or an electroniccontact address of an individual.

It is to be noted that there may be multiple servers 120, such that thedifferent elements 123-127 may execute on a same server 120 or multipledifferent servers 120 networked together.

Cameras 110 are preconfigured to capture videos 111 of the secure roombased on the field-of-view of the lenses of cameras 110. Some of cameras110 may capture images 111 representing portions of a different areathat a different one of the cameras 110 captures video 111 for. That is,each video 111 can include frames that may overlap multiple ones of thedefined areas.

In an embodiment, the secure room includes a variety of different typesof cameras 110 that are situated at different angles and heights withinthe room. Some cameras 110 may be at waist level or head level to anaverage sized person and directed in different directions upward ordownward slightly for purposes of capturing the eyes of individualswithin the room. Additionally, there is at least one overhead camera 110within the room. The overhead camera 110 may be a two-dimensional camerawhereas the waist level cameras 110 may be three-dimensional cameras.The cameras 110 may be specifically calibrated to capture eyes anddownward movements of the individuals made to touch an asset.

Initially, cameras 110 are situated in locations throughout the secureroom (such as a bank vault but can be other rooms associated withenterprises or even rooms of a consumer's home). Each camera lensconfigured to cover one or more predefined areas of the physical spaceof the room.

Furthermore, metadata is assigned to each camera 110 to include a uniquecamera identifier, a location identifier (representing the physicallocation that camera 110 is situated within the room), and one or morearea identifiers (representing the predefined areas that the lens ofcamera 110 captures in the video 111).

Detector 123 raises an event when a subject or set of subjects is/aredetected within a secure room of the enterprise. This can be done in avariety of manners, such as through motion sensors 130 (which may or maynot be integrated into cameras 110), through an alert indicating from asecurity system that authentication was granted to an individual toaccess a secure room, temperature sensors 130 located within the secureroom, etc.

Person tracker 124 utilizes the videos 111 to create regions of interestthat uniquely identifies each individual from the videos and an areaaround that individual account for a reach from an extremity (arm) ofthe individual. These regions of interest are tracked from frame toframe within each of the videos.

Object tracker 125 utilizes a similar video analysis technique for thesecure asset and structures within the secure room, such as a table,floor, chair, drawers, etc. Object tracker 125 is responsible foridentifying the secure asset and its region of interest.

Any overlap between an individual's region of interest and the asset'sregion of interest indicates a touch being made to the asset,additionally movement of the asset and the individuals are identifiablefrom the regions of interest relative to known background pixelsassociated with the secure room and its structures.

Eye and head tracker 127 uses the region of interest for the individualsto do further analysis on each individual for purposes of determiningeach individuals head movements, head position, head direction, and eyedirection. Eye and head tracker 127 may use a pose estimation algorithmfor purposes of identifying and track each individual's head within thethat individual's region of interest from the videos 111. An iristracking algorithm can be used on the head-based pixels to identify theeyes and the direction of the eyes. Additionally, the head and eyefeatures may be used to derive facial features that can be hashed into abiometric value, which can then be used to uniquely obtain theidentities of the individuals within the secure room.

Tracking manager 127 receives location information relative to eachindividual/person within the room, pose information, eye directions,head positions of the persons from person tracker 124 and eye and headtracker 126. Tracking manager 127 also receives location information forthe asset. Tracking manager 127 also obtains a security policy 128 orset of policies 128 for both the asset and the room. Tracking managerthen determines behaviors of the individuals based on poses and eyedirections of the heads and the eyes and the location of the asset anddetermines actions, such as when the asset is touched, held, or movedwithin the room. These behaviors and actions are associated withidentifiers which are embedded in conditions of the rules for the policy128. The policies may also provide processing actions that are to beperformed when a given condition or rule evaluates to true or false.

A variety of processing actions can be defined with the rules of thepolicies, such as sending an alert to a resource (automated application,system, or electronic messaging address of a human resource), sending analert to cause an alarm to go off within the establishment and/or room,sending an alarm to security personnel, writing behaviors or actions ina security audit log, and others.

Each camera 110 provides time stamp and image-frame stamped video 111 toserver 120. This video 111 can be streamed over a wired or wirelessconnection between cameras 110 and server 120 to a commonly accessiblestorage area on server 120 that is accessible to person tracker 124,object tracker 123, action tracker 126, and audit-notification manager127.

Each accessible video frame of each video 111 includes its metadata(minimally including what was discussed above) with its video frame onthe server 120.

When an event is raised that corresponds to “Subject-Detected” bydetector 123, the event is raised and manager 127 causes the video 111to start recording on server 120. Person tracker 124 also detects theraised event and begins evaluating the video frames being streamed andrecorded on the server 120 to identify and track subjects/individualspresent in the video frames. Regions of interest for each individual areidentified and passed by person tracker 124 to eye and head tracker 126.Eye and head tracker 126 processes a pose estimation and irisrecognition algorithms on the regions of interest and determinespositions of heads, directions of eyes for the persons. Similarly, andsimultaneously, object tracker 125 actively analyzing the video framesto identify and track the location and position of the asset within theroom. Output from trackers 124-126 is fed to manager 127. Manager 127obtains the appropriate policy 128 or policies 128 and determinesbehavior and action identifiers for the individuals with respect to eachother and the asset. The behavior and action identifiers are substitutedinto the conditions of the rules for the policies and the appropriateprocessing actions are performed.

When person tracker 124 reports that the person or all persons beingtracked have left the secure room, manager 127 creates one or more videoclips from the videos 111 taken of the individuals while in the room.The manager 127 creates one or more reference links to the video clipsand logs the reference links into the secure log with the log entriesgenerated by the processing actions of the policies 128.

One now appreciates how system 100 can be used as a real-timevisual-based compliance and security monitor and tracker that canaugment or replace traditional handwritten auditing procedures of securerooms and secure assets. The personnel/individuals may not be requiredto make manual written entries into security logs as this is achievedwith accuracy and without error by system 100. Moreover, non-compliantactions that are deemed severe may have corresponding processing actionsembedded in the rules of the policies that cause manager 127 to providereal-time alerts and notifications, such that breaches can be addressedin near real-time by the enterprise. Additionally, in-room securityprocedures for “dual control” can be enforced and audited withoutrelying on trust of the individuals to properly follow the dual-controlsecurity procedures.

A variety of scenarios are possible with system 100 some of which butnot all of which are now discussed.

Person tracker 124 may be equipped with biometric recognition, such thatfacial features of the individuals being tracked can be derived from thepixels of the video frames and matched to a registered individual or theenterprise. An enterprise identifier for the individual may then berecorded within the security log with the security log entries. Persontracker 124 may utilize eye and head tracker 126 for performing facialrecognition.

It is noted that other biometric features may be used as well, such asand my way of example only, a fingerprint provided by a security systemindicating that the individual was authenticated for access to thesecure area, a retina scan, a digit distance and length measurement, apalm reader, a voice print (captured by a microphone), etc.Additionally, features from the video 111 do not have to only includefacial features and can include any combination of features or a singleset of features associated with the individuals: gait, extremity length,height, and/or facial features.

Detector 123 may report the identifier of an individual based on aseparately performed authentication processing that a person performedbefore access to the secure area was granted. This identifier may be anenterprise identifier for the authenticated person and used by persontracker 124. Manager 124 records the identifier with the secure logentries within the security log.

Manager 127 may utilize a variety of sensors 130 after individuals haveleft the secure room to check that no secure asset or object within thesecure room is reporting a condition that requires attention. Forexample, a safe door of a bank may not have been completely shut whenthe individual that was in the safe (secure area) was reported as havingleft the safe. A door sensor 130 can be checked according to theappropriate policy 128 based on an action associated with leaving thesecure area. The door sensor 130 reports that the safe door is notcompletely shut as it should be. A safety deposit box may be unlocked oronly have one lock reporting that it is locked when two locks arerequired. The policy 128 may indicate that an alert to the person thatwas in the safe or another person should return and address the issueidentified.

In an embodiment, system 100 enforces a bank's dual control securitypolicy where when two individuals are in a secure room with an asset,the two individuals must maintain eye contact with one another when theasset is unattended and not within reaching distance of the individualsor in control of one of the individuals. When the asset is within thecontrol of one of the individuals, the individual not in control mustmaintain eye contact both with the individual having control and theasset.

In an embodiment, manager 127 includes a reporting interface forautomatically or custom generating reports for secure area, secureassets, policy violations, specific individuals, etc.

The above-noted embodiments and other embodiments are now discussed withreference to FIGS. 2-4.

FIG. 2 is a diagram of a method 200 for visual-based security complianceprocessing, according to an example embodiment. The software module(s)that implements the method 200 is referred to as a “secure roommonitor.” The secure room monitor is implemented as executableinstructions programmed and residing within memory and/or anon-transitory computer-readable (processor-readable) storage medium andexecuted by one or more processors of a device. The processor(s) of thedevice that executes the secure room monitor are specifically configuredand programmed to process the secure room monitor. The secure roommonitor may have access to one or more network connections during itsprocessing. The network connections can be wired, wireless, or acombination of wired and wireless.

In an embodiment, the device that executes the secure room monitor isserver 120. In an embodiment, server 120 is a cloud-based server, alocal-area network (LAN)-based server, or a wide-area network (WAN)server.

In an embodiment, the secure room monitor is all or some combination of:the detector 123, person tracker 124, object tracker 125, eye and headtracker 126, and/or tracking manager 127.

At 210, the secure room monitor identifies a first person and a secondperson entering a secure area using video analysis of at least one videocaptured by at least one camera. In an embodiment, the secure area is asecure room of an establishment.

In an embodiment, at 211, the secure room monitor obtains the video astwo or more videos, wherein the at least one video is provided by two ormore cameras situated at different locations and at different angleswith different fields of view within the secure area.

In an embodiment of 211 and at 212, the secure room monitor obtains afirst video from a two-dimensional (2D) camera and a second video from athree-dimensional (3D) camera.

At 220, the secure room monitor determines a secure asset has beenexposed in the secure area by at least one of the first person and thesecond person.

At 230, the secure room monitor tracks behaviors and actions of thefirst person and the second person with respect to each other and theasset using the video analysis of the video(s) and based on a securitypolicy defining at least the behaviors and the actions.

In an embodiment, at 231, the secure room monitor processes a biometricrecognition process to identify a first identity for the first personand a second identity for the second person.

In an embodiment, at 232, the secure room monitor maintains a firstregion of interest for the first person and a second region of interestfor the second person from frames of the video(s).

In an embodiment of 232 and at 233, the secure room monitor processes apose estimation from the first region of interest and the second regionof interest and determine a first head of the first person and a secondhead of the second person within the frames.

In an embodiment of 233 and at 234, the secure room monitor processes aniris tracking algorithm for the first head and the second head anddetermines first eyes of the first person and second eyes of the secondperson from the frames of the video(s).

In an embodiment of 234 and at 235, the secure room monitor determines afirst behavior for the first person based on a first head position ofthe first head and a first eye direction of the first eyes for the firstperson. The secure room monitor also determines a second behavior basedon a second head position of the second head and a second eye directionof the second eyes for the second person.

In an embodiment of 235 and at 236, the secure room monitor ensures thefirst eyes are looking at the second eyes when neither the first personnot the second person are touching or within a reachable distance of theasset within the secure area based on the first head position, the firsteye direction, the second head position, and the second eye direction.

In an embodiment of 236 and at 237, the secure room monitor ensures whenthe first person is touching or in control of the asset that the firsteyes are looking at the asset based on the first head position and thefirst eye direction and that the second eyes are looking at both theasset and the first person based on the second head position and thesecond eye direction.

At 240, the secure room monitor logs at least some of the behaviors andthe actions in a security audit log. Identifiers for the first andsecond persons, an asset identifier for the asset, a secure areaidentifier for the secure area, a date, and time are also logged in thesecurity audit log.

In an embodiment, at 250, the secure room monitor sends a real-timealert when at least one of the behaviors or at least one of the actionsviolate a portion of the security policy.

In an embodiment; the secure room monitor detects that the first personand the second person have exited the secure area and logs a referencelink to a video clip of the video(s) corresponding to a time when thefirst person and the second person were tracked as being within thesecure area.

FIG. 3 is a diagram of another method 300 for visual-based securitycompliance processing, according to an example embodiment. The softwaremodule(s) that implements the method 300 is referred to as an“dual-control auditor.” The dual-control auditor is implemented asexecutable instructions programmed and residing within memory and/or anon-transitory computer-readable (processor-readable) storage medium andexecuted by one or more processors of a device. The processors thatexecute the dual-control auditor are specifically configured andprogrammed to process the dual-control auditor. The dual-control auditormay have access to one or more network connections during itsprocessing. The network connections can be wired, wireless, or acombination of wired and wireless.

In an embodiment, the device that executes the dual-control auditor isthe server 120. In an embodiment, the server 120 is a cloud processingenvironment, a LAN server, or a WAN server.

In an embodiment, the dual-control auditor is all of or some combinationof: detector 123, person tracker 124, object tracker 125, eye and headtracker 126, tracking manager 127, and/or the method 300.

The dual-control auditor presents another and, in some ways, enhancedprocessing perspective of the method 200 discussed above.

At 310, the dual-control auditor determines a first identity for a firstperson and a second identity for a second person granted access andwithin a secure room.

In an embodiment, at 311, the dual-control auditor receives the firstidentify and the second identity from a security system thatauthenticated the first person and the second person for access to thesecure room.

In an embodiment, at 312, the dual-control auditor performs biometricrecognition processing on the first person and the second person basedon one or more of a first video and a second video using facial featuresand/or other biometric features derived from the first and secondvideos.

At 320, the dual-control auditor identifies an asset within the secureroom from the first video that is captured by a first camera.

In an embodiment, at 321, the dual-control auditor detects removal ofthe asset from an enclosure (drawer, cabinet, safe, etc.) within thesecure room from the first video by the first person or the secondperson.

At 330, the dual-control auditor obtains a security policy associatedwith one or more of the asset and the secure room.

At 340, the dual-control auditor tracks eye and head movements of thefirst person and the second person with respect to each other and theasset from at least one second video captured by at least one secondcamera.

In an embodiment, at 341, the dual-control auditor activates afirst-person facing camera directed at a front side of the first personand activates a second-person facing camera directed at a front side ofthe second person.

At 350, the dual-control auditor monitors touches made or control of theasset that is made by the first person or the second person from thefirst video and the one or more second videos.

At 360, the dual-control auditor correlates the eyed and head movementsand the touches with the security policy.

At 370, the dual-control auditor logs any violations of the securitypolicy in an audit log based on 360.

In an embodiment, at 380, the dual-control auditor sends a real-timealert to a security system or a security monitor based on a type ofviolation defined in the security policy.

FIG. 4 is a diagram of a system 400 for visual-based security complianceprocessing, according to an example embodiment. The system 400 includesa variety of hardware components and software components. The softwarecomponents of the system 400 are programmed and reside within memoryand/or a non-transitory computer-readable medium and execute on one ormore processors of the system 400. The system 400 communicates over oneor more networks, which can be wired, wireless, or a combination ofwired and wireless.

In an embodiment, the system 400 implements, inter alia, the processingdescribed above with the FIGS. 1-3,

The system 400 includes a plurality cameras 401 and a server 402. Theserver 402 includes at least one hardware processor 403, anon-transitory computer-readable storage medium 404 having executableinstructions representing a security tracker 405.

The security tracker 405 when executed from the non-transitorycomputer-readable storage medium 404 on the processor 403 is configuredto cause the processor 403 to perform processing comprising: 1)determining when a first person and a second person enter the secureroom based on a first video captured by a first camera 401; 2)determining a first identity for the first person and a second identityfor the second person; 3) determining when an asset was exposed withinthe secure room from the first video; 3) obtaining a policy based on theasset; 4) activating a second camera 401 to capture second video with afirst focus on the first person; 5) activating a third camera 401 tocapture third video with a second focus on the second person; 6)monitoring eye, head, and hand movements of the first person and thesecond person using the first video, the second video, and the thirdvideo; and 6) logging in an audit log any violations of the policy basedon the eye, head, and hand movements.

In an embodiment, the first camera 401 is a two-dimensional camera, andthe second camera 401 and the third camera 401 are three-dimensionalcameras.

In an embodiment, the security manager is all of or some combination of:detector 123, person tracker 124, object tracker 125, eye and headtracker 126, tracking manager 127, the method 200, and/or the method300.

It should be appreciated that where software is described in aparticular form (such as a component or module) this is merely to aidunderstanding and is not intended to limit how software that implementsthose functions may be architected or structured. For example, modulesare illustrated as separate modules, but may be implemented ashomogenous code, as individual components, some, but not all of thesemodules may be combined, or the functions may be implemented in softwarestructured in any other convenient manner.

Furthermore, although the software modules are illustrated as executingon one piece of hardware, the software may be distributed over multipleprocessors or in any other convenient manner.

The above description is illustrative, and not restrictive. Many otherembodiments will be apparent to those of skill in the art upon reviewingthe above description. The scope of embodiments should therefore bedetermined with reference to the appended claims, along with the fullscope of equivalents to which such claims are entitled.

In the foregoing description of the embodiments, various features aregrouped together in a single embodiment for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting that the claimed embodiments have more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus, the following claims are herebyincorporated into the Description of the Embodiments, with each claimstanding on its own as a separate exemplary embodiment.

1. (canceled)
 2. A method comprising: monitoring a secure area throughvideo analysis of at least one video; assigning identifiers to thesecure area and objects identified in the secure area from the at leastone video; determining at least one person has entered the secure areabased on the at least one video; identifying actions and behaviors ofthe at least one person from the at least one video with respect to thesecure area or the objects; and performing one or more of: loggingaction identifiers for the actions, behavior identifiers for thebehaviors, and at least one-person identifier for the at least oneperson in a security log; or raising an alert to a resource based on aparticular object identifier for a particular object being detectedwithin the secure area with the at least one person.
 3. The method ofclaim 2, wherein determining further includes raising a second alert tothe resource or a different resource based on the at least one personbeing detected within the secure area.
 4. The method of claim 2, whereinidentifying further includes tracking the actions and the behaviorsbased on a security policy associated with one or more of: the securearea, at least one of the objects, and the at least one person.
 5. Themethod of claim 2, wherein identifying further includes raising a secondalert to the resource or a different resource based on detecting from atleast one of the actions that a secure object has been exposed by the atleast one person within the secure area.
 6. The method of claim 2,wherein identifying further includes identifying at least two personswithin the secure area and tracking at least some of the behaviors asinteractions between the at least two persons within the secure areawhen a secure object is exposed within the secure area by one of the atleast two persons.
 7. The method of claim 6, wherein identifying furtherincludes tracking eye movements of each of the at least two persons withrespect to the secure object and one another while the secure object isexposed within the secure area.
 8. The method of claim 2, whereinidentifying further includes performing biometric recognition on the atleast one person and assigning at least one-person identity to the atleast one person based on the biometric recognition.
 9. The method ofclaim 8, wherein performing the biometric recognition further includesobtaining one or more security policies based on the at least one-personidentity and tracking the actions and the behaviors based on the one ormore security policies.
 10. The method of claim 2, wherein identifyingfurther includes obtaining security policies based action identifiersfor the actions, behavior identifiers for the behaviors, the securearea, and the at least one person and tracking the actions and thebehaviors for the at least one person and the objects based on thesecurity policies.
 11. The method of claim 2 further comprising:creating a video clip when the at least one person is determined to haveleft the secure area, wherein the video clip representing a time periodduring which the at least one person was within the secure area;creating a reference link to access the video clip; and logging thereference link in the security log.
 12. The method of claim 2 furthercomprising: checking at least one sensor associated with at least oneobject within the secure area when the at least one person is determinedto have left the secure area; and reporting a condition associated withthe at least one sensor to the at least one person or to the resource.13. A method, comprising: obtaining at least one real-time video feed ofan area; tracking objects present within the at least one real-timevideo feed based on object identifiers; detecting at least one personwithin the secure area when a particular object identifier is alsopresent from the at least one real-time video feed; and raising an alertto a resource based on the detecting.
 14. The method of claim 13 furthercomprising tracking actions of the at least one person based on actionidentifiers for the actions detected from the at least one real-timevideo feed.
 15. The method of claim 14 further comprising trackingbehaviors of the at least one person based on behavior identifiers forthe behaviors detected from the at least one real-time video feed. 16.The method of claim 15 further comprising, monitoring the actionidentifiers, the behavior identifiers, and the object identifiers basedon a security policy.
 17. The method of claim 16 further comprising,logging the action identifiers, the behavior identifiers, an areaidentifier for the area, a security policy identifier for the securitypolicy, and at least one-person identifier for the at least one personin a security log.
 18. The method of claim 17 further comprising, addinga reference link to a video clip obtained from the at least onereal-time video feed that depicts a time period that the at least oneperson was within the area.
 19. The method of claim 13, whereindetecting further includes receiving at least one-person identity forthe at least one person from a security system that authenticated the atleast one person before the at least one person entered and was detectedwithin the area.
 20. A system, comprising: cameras configured to providereal-time video feeds of a monitored area; a server comprising aprocessor and a non-transitory computer-readable storage medium; thenon-transitory computer-readable storage medium comprising executableinstructions; the executable instructions when executed on the processorfrom the non-transitory computer-readable storage medium cause theprocessor to perform operations comprising: performing video analysis onthe real-time video feeds; identifying from the video analysis objectidentifiers for objects present within the real-time video feeds;determining from the video analysis when at least one person enters themonitored area; determining from the video analysis a presence of aparticular object based on a particular object identifier that becomesidentifiable from the real-time video feeds when the at least one personis in the monitored area; and raising an alert to a resource based onthe presence of the particular object within the monitored area with theat least one person.
 21. The system of claim 20, wherein the theexecutable instructions associated with determining that the at leastone person entering the monitored area when executed on the processorfrom the non-transitory computer-readable storage medium further causethe processor to perform additional operations comprising: ensuring thata security system has provided at least one-person identity for the atleast one person indicating that the at least one person authenticatedwith the security system before entering the monitored area; raising asecond alert to the resource when the at least one person is notassociated with the at least one-person identity indicating that the atleast one person was not authenticated with the security system beforeentering the monitored area; and performing additional authentication onthe at least one-person from the real-time video feeds when the at leastone person is associated with the at least one-person identity andenters the monitored area.